Machine Learning: How to Build a Better Threat Detection Model

A look at how Sophos develops its machine learning models. Here, we explain the concepts and show the development and evaluation of a toy model meant to solve the very real problem of detecting malicious URLs.

CVE-2017-0199: life of an exploit

The normal lifecycle of an Office exploit starts with initial use in targeted attacks. Then, at some point, the information leaks out and cybercrime groups start using it more widely. Offensive security researchers then start experimenting with AV evasion, and the exploit finally ends up in underground exploit builders. Normally this cycle takes a few months. In the case of the CVE-2017-0199 Word exploit, we have observed the same cycle on a much more accelerated timescale.

BetaBot Configuration Data Extraction

AKBuilder – The crowdsourced exploit kit

Document exploitation remains a favorite attack technique for distributing malicious content because it is easier to trick victims into opening document attachments than executables. Exploited documents have the added benefit of not requiring victims to manually enable macros, as is often the case for VBA downloaders.